From: Ryan Jantz <rjantz AT scifit DOT com<mailto:rjantz AT scifit DOT com>>
Date: Tuesday, November 20, 2012 6:06 PM
To: "bacula-users AT lists.sourceforge DOT net<mailto:bacula-users AT
lists.sourceforge DOT net>" <bacula-users AT lists.sourceforge DOT
net<mailto:bacula-users AT lists.sourceforge DOT net>>
Subject: Re: [Bacula-users] Webacula cannot execute bconsole
Hello again. So I've been reading and learning (a little) about SELinux today,
but I haven't made much progress. Setting selinux to permissive resolves the
error. Selinux context on my /var/www/webacula is:
drwxr-xr-x. apache apache system_u:object_r:httpd_sys_content_t:s0
Entries in /var/log/messages are:
bconsole: bsock.c:135 Unable to connect to Director daemon on localhost:9101.
ERR=Permission denied
My interpretation of that error is bconsole is not able to connect to
bacula-dir, but I can manually start bconsole. It seems the problem is when
apache or webacula tries to start bconsole
Selinux context on /usr/sbin/bacula-dir:
lrwxrwxrwx. root root unconfined_u:object_r:bin_t:s0
Selinux context on /usr/sbin/bconsole
-rwxr-x---. root bacula system_u:object_r:bin_t:s0
I'm not sure what permissions need to be modified. Any ideas?
Thanks
On 11/20/2012 6:31 AM, Ryan Jantz wrote:
Yes.
I figured out SELinux is the problem. If I disable it, the errors stop. Now to
figure out how to configure SELinux so it plays nice with Apache.
Thanks
On Nov 20, 2012, at 2:17 AM, Radosław Korzeniewski <radoslaw AT korzeniewski
DOT net<mailto:radoslaw AT korzeniewski DOT net>> wrote:
Hello,
2012/11/19 Ryan Jantz <rjantz AT scifit DOT com<mailto:rjantz AT scifit DOT
com>>
I am able to run the above command in terminal as root and the apache user
without any errors. The apache user is a member of the bacula group.
(...)
Any ideas?
Did you restart an apache webserver?
best regards
--
Radosław Korzeniewski
radoslaw AT korzeniewski DOT net<mailto:radoslaw AT korzeniewski DOT net>
------------------------------------------------------------------------------
SELinux is not a simple modify permissions type of fix. You will need to
create the policies within SELinux in order to provide the "permissions" in the
extended attributes that allows Webacula to interact with the director. This
is not a trivial exercise, but would be quite valuable to the community if
successful. This is why many shops don't consistently use SELinux in enforcing
mode.
Patti Clark
Linux System Administrator
Research and Development Systems Support Oak Ridge National Laboratory
------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|